Subtitle: "the toxic infiltration of politicised "Code of Conduct" documents in open source communities - one 'covenant' to rule them all".

The following should not be construed as legal or otherwise formal advice. Where appropriate consult a suitably qualified contract, business or legal representative for assistance.

Keeping Users 'safe' in VR isn't a new issue, the games, interactive and social media industries have long wrestled with the problem to varying degrees of success which, at the end of the day, ostensibly hinge on Terms of Service violations rather than perceived behavioural transgressions. In other words when an individual is reported for harassing or abusing another, they are not reprimanded for the actual abuse or harassment, but instead for the terms of service violation this constitutes[1]

It's important to understand the distinction here, developers are bound by service agreements unless there are broader violations of societal law involving the service itself, trafficking credit-card information for example. In this sense internet harassment or abuse are not 'crimes' from a service providers point of view (despite media rhetoric on the matter), as such this makes perceived abuses and harassment of the individual the domain of the individual, it is they who are obliged to prosecute in the absolutist legal sense[2], subpoenaing the provider for records[3] where necessary. Essentially, outside service agreement violations, service providers cannot offer, provide or imply remedial punishments for subjectively perceived criminal behaviour, they can only record incidents and reprimand Users based on what's defined by the User Agreements.

Where potentially 'criminal' or 'offensive' activities do occur, the service providers obligation is typically to the security of the service rather than the User, at least to the degree the provider ensures 'offensive' (in the criminal sense of an 'offense' having occurred), illegal or criminal activities don't affect Users as a direct consequence of service provision. Even then if the service somehow facilitates the theft of personal data for example, they are generally indemnified, another binding term typically included in their respective service agreements. In totality this means it's important Users read them.

With all this in mind, the current pathologically anxiety about who to blame for bad in-game, in-VR experiences, has advocates, activists, acolytes and supporters fronting politicised Code of Conduct[4] policies as a solution to VR's "ethics" problems and the generaltoxicity of gaming and the internet, missing the point entirely; Code of Conduct's are not politicised manifestos or the domain of thinly disguised progressive politics, they are functional, binding documents backed by the force of (contract) law[5].

For business this means these generic documents are not worth the trouble they represent, more so when their respective authors are rarely if ever held to account or can be found responsible for fall-out from such ill-conceived, poorly defined, politically driven policies[6]. The use of boiler plate Terms of Service agreements, User Agreements, Code of Conduct's, or other generic, third-party 'rule' or 'policy' documents should be avoided because there are just too many statutory risks involved and unintended legal consequences to not being in full ownership of a given service and any accompanying legal documents[7].

[2] barring the obvious, it's up to the individual to determine whether another's behaviour is actionable. Once that has been determined, and law enforcement is involved, pursuit is up to the individual. This is notwithstanding the fact that there are strict evidentiary tests in place to determine whether the accused is '****-posting' versus being genuinely harassing. In the UK for example the Crown Prosecution has this to say; "[a] communication sent has to be more than simply offensive to be contrary to the criminal law. Just because the content expressed in the communication is in bad taste, controversial or unpopular, and may cause offence to individuals or a specific community, this is not in itself sufficient reason to engage the criminal law".

[3] this is why its crucial the first port of call is to report any incidents of harassment or abuse so there is a record, irrespective as to whether anything being done about the incident - these records form the basis upon which a criminal case can be built. Unfortunately too many advocacy and activist groups advise victim to not waste their time doing this, wholly missing the point why victims should make or file reports. Anyone advocating this should be resoundingly ignored.

[4] the most popular Code of Conduct used in FoSS and OSS communities is the "Contributor Covenant". It is a political document whose author(s) appears to have little or no grounding in Law, Business or respective Contracting.

[5] the code of conduct documents at the heart of this discussion are not community aids, their point is exactly political leverage, to gather "allies", "advocate" and "activists", collateral and agents willing to spread of the politics the documents espoused and/or endorsed. They are not intended to be used in any formal binding sense, which is why their authors won't allow themselves to be held accountable for the fallout from their use (cf. 6 below).

[6] on the (thankfully) rare occasions something does happen, the Code of Conduct authors either disappear, become unreachable, or in rare instances issue pithy Twitter tweets or Facebook messages absolving themselves of any wrong-doing, insisting the project or business wasn't forced to adopt the Code of Conduct - glossing over the social-ostracising and shaming tactics typically employed by acolytes and supporters in the press and across social media to (almost universally passive-aggressively) coerce compliance. In other words they never, if very rarely admit faultIn other words they never, if very rarely admit fault. This puts all the onus and legal consequences of a problem squarely in the hands of the project or business that employed someone else's conduct policies whilst having little inkling as to the authors intent behind the language used.

[7] for business the danger of using third-party user agreements, be they the types of Codes discussed in the above or not, that have not been specifically drawn up by legal council to match the service provided is ostensibly two-fold; 1) is the implied transfer of liability (real or not) and 2) it presents a lack of ownership over whatever service is being provided. Both have potentially actionable consequences for business owners.